VPN 3005 Upgrade to 4.01 caused RADIUS Auth. problems
I upgraded the VPN 3005 concentrator to 4.01 today and had to downgrade within an hour due to RADIUS authentication problems for users connecting using Microsoft UPN names e.g. firstname.lastname@example.org
The Concentrator config is that we have a Group setup "whatever.com" that sends all the authentication requests to Windows 2000 IAS (RADIUS).
Before the Upgrade, in the IAS Log files the Username sent from VPN to IAS was the actual name as email@example.com
After the Upgrade any user using the UPN form was unable to connect. The IAS log files showed that VPN was sending the Username as only joe.billy and "@whatever.com" part was truncated, which resulted in Authentication failures. Any user using WHATEVER\jbilly worked ok...
Have anyone else seen ths behaviour ?
Should i have configured something in the VPN after upgrading it ?
(In Group-->general Properties, i DID have the Strip Realm box UN-CHECKED).
Re: VPN 3005 Upgrade to 4.01 caused RADIUS Auth. problems
I think you that you should probably have a look at bugs CSCdz43263 and CSCea12933 though the problem documented in the second bug is slightly different. The bug talks about the groupname not being stripped off and the concentrator trying to authenticate based on Username+Groupname instead of the Username alone.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...